1. Home
  2. Server Administration
  3. Securing Windows Server 2003

A.3 Considerations for Secure Email

Secure email provides a number of advantages to both senders and recipients. These advantages were shown in the beginning of this appendix. However, there are some downsides to using secure email. You must consider a number of factors when deciding whether to use secure email in your company or between trusted parties across an untrusted network. Some of these considerations may not have an impact on your decision, but in all likelihood you'll need to address them all to make secure email work.

The considerations for using secure email include:

  • Digitally signed messages require that the recipient trust the digital certificate used by the sender. That may require the recipient to accept a new certificate publisher to trust. Some recipients' computers may be configured so that only an administrator can add a new trusted publisher; unless the administrator trusts the sender's certificate (and the publisher of that certificate), digital signatures are useless.

  • Encryption makes email messages (and their attachments) larger, depending on the algorithm, requiring more network bandwidth to transmit them, storage space to retain them, and processing power to decrypt them. Recipients with older computers may not be able to read encrypted messages because their computers may lack power or the more modern cryptographic algorithms.

  • Encryption requires that you obtain a public encryption key for your recipient. If your recipient doesn't have a public key, or if their public key is issued by a private certification authority that you don't have access to, then encryption is impossible.

  • Both signatures and encryption require both the sender and the recipient to have email software that supports secure email. While most new email applications provide such support, users with older software will be unable to participate. Also, many text-based email programs do not support cryptographic operations and will be unable to correctly process the receipt of a signed or encrypted message.

Once you've reviewed these considerations and addressed them in your overall secure email strategy, you're ready to move on to implementation of your system.



    		Securing Windows Server 2003
    		Preface
    		Chapter 1. Introduction to Windows Server 2003 Security
    		Chapter 2. Basics of Computer Security
    		Chapter 3. Physical Security
    		Chapter 4. File System Security
    		Chapter 5. Group Policy and Security Templates
    		Chapter 6. Running Secure Code
    		Chapter 7. Authentication
    		Chapter 8. IP Security
    		Chapter 9. Certificates and Public Key Infrastructure
    		Chapter 10. Smart Card Technology
    		Chapter 11. DHCP and DNS Security
    		Chapter 12. Internet Information Services Security
    		Chapter 13. Active Directory Security
    		Chapter 14. Remote Access Security
    		Chapter 15. Auditing and Ongoing Security
    		Appendix A. Sending Secure Email
    		A.1 What Is Secure Email?
    		A.2 How Does Secure Email Work?
    		A.3 Considerations for Secure Email
    		A.4 Secure Email Implementation
    		A.5 Summary
    		Colophon